- From: John Cowan <cowan@ccil.org>
- Date: Wed, 27 Jun 2007 12:46:42 -0400
- To: "Williams, Stuart (HP Labs, Bristol)" <skw@hp.com>
- Cc: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>, www-tag@w3.org, "Rice, Ed (ProCurve)" <ed.rice@hp.com>
Williams, Stuart (HP Labs, Bristol) scripsit:
> 1) Some regard that there are reasonable use cases for weak protection
> of passwords - and demur against the Good Practice advice: "A client or
> browser SHOULD NOT transmit passwords in clear text."
[snip]
> a desire to find a reliable basis on which to advise that UA's
> detect weakly protected password transfers;
This combination strikes me as counterproductive. I have made decisions
I consider to be rational that low-security passwords suffice for
certain kinds of sites: for example, sites that let me subscribe or
unsubscribe to mailing lists. If my browser yammers every time I
deal with such a site, I will shut it up, get someone else to shut it up,
or find a less compliant but more usable browser. I don't think I'm
alone in this feeling.
--
All Norstrilians knew what laughter was: John Cowan
it was "pleasurable corrigible malfunction". cowan@ccil.org
--Cordwainer Smith, Norstrilia
Received on Wednesday, 27 June 2007 16:46:53 UTC